This was recently posted on Slashdot (in the Firehose only). Here is my own views of things:
HTTP protocol has been originaly created to enable documents transfer. In the original idea, HTTP is pretty stateless: it consists in a series of transactions that are supposed to be more or less unrelated. Authentication has been added as a feature to enable simple access control on documents.
Of course with the evolution of the Web, appreared merchant sites which needed to:
- Keep a context attached to each user in order to enforce a given page flow (i.e. forbid deep linking).
- Maintain session based data for the user's basket)
- Perform banking transaction for payment
The second evolution of the Web is AJAX and the idea of Web based application (GMail).
All this works with the overstretched old HTTP protocol. In the document that is linked to the post, the protocol evolution suggestions are very shy. I suggest much bolder changes:
To define a real sessionfull mode for HTTP that
- Is based on an explicit persistent TCP connection. Closure of the connection would be equivalent to end of session.
- That is authenticated only once at connection time
- Several transaction could be opened at once but would be identified by a sequence number
- Server based events would be explicily supported by clients and server alike.
- Standard transaction format / RPC protocol such as AMF would be proposed along with the ineficient XML format that I personally dislike for such applicatons.
This would be the proper foundation of web based applications. Note that in the proprietary world, Flash Media Server and its open source counter partn the red5 project are an interesting model or inspiration source for such standard work.
The truth is that such another session based protocol already exists: this is SIP and with some amendment, we could embbed it in Web browser and use SIP over TCP as a control protocol for web based / session based applications. This would be a pretty neat alternative and would avoid the ususal standard duplication that we witness at IEFT so often.